apparmor-profiles-2.12-lp150.6.3.1 4>$  Ap\>/=„>Mr3şW #Ô D"9aZfKUzSTc? Ֆ!Ә_atO(/=„T,ѹ8^\e 5* fTګ$/khfP W|N`Np*Yhɪa|?7tHh`J6 mp1iq"J 3!MHR{`cU *9#r|9=u;JfW l pΡ #]>`"9%2XC>p@ ? |d % g  ,29  2   X 7 8|;@>B*BLEEPEpF'(F[8Fd9H:T>BFGHIXXYdZ[\]X^<bcadefluv z  , 0 6 xCapparmor-profiles2.12lp150.6.3.1AppArmor profiles that are loaded into the apparmor kernel moduleBase profiles. AppArmor is a file and network mandatory access control mechanism. AppArmor confines processes to the resources allowed by the systems administrator and can constrain the scope of potential security vulnerabilities. This package is part of a suite of tools that used to be named SubDomain.[Tlamb20xopenSUSE Leap 15.0openSUSEGPL-2.0 AND LGPL-2.1+http://bugs.opensuse.orgProductivity/Securityhttps://launchpad.net/apparmorlinuxnoarch# workaround for bnc#904620#c8 / lp#1392042 rm -f /var/lib/apparmor/cache/* 2>/dev/null #restart_on_update apparmor - but non-broken (bnc#853019) systemctl is-active -q apparmor && systemctl reload apparmor ||:3W79=;BRDCEFCKJCICBJPCIID?D??>=<<<<ZGB@ 8qp %ss)   $Rv' ?JF+%kV{~ DIYG 4s. YV)  n@ @VBJ##f7*5e p,& fA큤A큤[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Džd09b3fdd8c6da4b81a2cdb8e82feb5d62bd0e0a8a133fad6d1ed34227e48eb3eec6169bd605c4b96903c6de20a5c7597c7d6e095d4ee477dc262b031b6245ff50cf5504e1560596a442c26e953442849c6cd17e17bf70528f0714078c588fd67ab7f52de2a49c322ca22deaff676af8ebb909a0efd83b6d5e27579897a4c1c5d81107f79fbb30188f8cef12435b9e584a686c26415c874b634f6fbbb5dac1a8c9713a9701599cf6cf610dc6fbaa85e6ccc7fdfa7261a25d3d213996aeae2757ba7d679d783bcaa5363764c16869f9ba995b36f0986db0b9d064025916e79ae86c1ab19fa9edb110815e8afb1c90319ca5b468739300300adc013a121ee29da187d4a3e61eeefdee2874ca322e04da0619f8dfd09bf3282161785ad218b97b64311a5461ef85490aae0379a3723288539c21a200072453e1230511b0fc1a518a593dab4a141a620b249b52bea5ac8eebd27408df7ca56e67a1b5716adbc1d90ba7706b520236a3653e795b5b1762ff2c633719ec920734063fbb64ddff9c9e57cb514c5e90ef1727523ef832079ec02c8817f3b852ac8953ea05fa6b2601f2e3b676067207d5f4d60777308fd7e88ddc912b9d1e9562077c6438a23d925a31a075a7fb8cbefda399fb3fd255417615c3fa1c026cfa7eed06fd7ba58c3b5cb0bc6478e6e27f75774172214494235ca00fc058966387c2824f9eaff8ea60ed7888be8ac96d5ed6d93eb94ca995979b604dd8813bc6b8d0a01d031fc4162766b75079cb034a0cb660a8448e7cbfaa59ceb8fd72a6a50167edcac82906a9f01e62d67347db7d402c98e4471548a029b8d424fc31cfc4083f0ed342b72eab2accc2c655c95272813199f06a2f7db93a231375902860e4306e561ee09896fcf381c76cd4af8b2f08bb90dc0f5ee2b1aee758841a2496c7c0055416cc85ea95377d139965eac9fc58403f411d821c6a95456bad8fe07226de1edb128f5a85fe7a7774a193e97afe6d695bee2568226c3b19d7e103a201cc9f29a52c6e2a2cdcb7ce6a6a2c640cce70ae04999ed60b0a976026a416e2856961882e06bc68abc16d4037ceb38bb71ce0001c53644edcdc9afa09bf30260e4f7138525b1b8f65346e4b08c563b54759c0de72e4d112d07d3c65d36bb7bcd4ea9e8dedc811ac6e210efaeaf8c60eed8037dd30e6f6369ef74ba934438af33bb871e90584b9414f96f40e2b256b44710f72406f551fd9d86871d8f1c1b5c233b8356803b1768faae8e283a1c13698e8fdda52b1010a543290090131c2bf4ea878c446001285f5e53b98b355fcf78948c03e657e5d7334a929a1f3446fe1e3bf8dbf56e3b9e9ecab57c19a61ad31c12c8281a0fc2ecf3d49ef6dd542dc59849b5516988e7cac473dcbcbc4628940aff93a667d8e2fc0450279e04715f9977ddf0e4e0c53328159da9746a43ae08c12d6436bcafa4ab95794a993d0d8ca24cf1d334d4c9fce0a84854e0474de26c7cfa3a1e67cff4bf1034b7503fb8df38e5ace76607c853cb8dfc4d9d129bb262946919381c08d32151ce4a403c73ad22dcd5f9bca21be455587383e756a0343384c88f267a8aed928ddac0a62daa61229a0ec7b8e3fd91c5abf6e20c7c2093172b061126a386642e3e87a53366807829b3fbcca0df3efc6a70b6fe61c398e31e7df09c62a842da2aca7ab3049602aa4bbab8e95d7fdf25fccc3850f632b1cd0e4dd334507ac60d2e082c748d020a3c74dcc8f3f59da612eb93f1a811525eb2a9d8b58ab063a16077d5287f1ab8991cf18cae17ec149579e45f958c0724a1fb4a133c671b3850bd27e3d3078eb774c488b2f2820db9dcc987130c8700d78a31391bc6f00d979d65ca517ad64325b75e03a843b2c33195bb80dea3a7d3ef18c23117361d368428999540bd110b7e6ec82349a444d2d12f0ff14b5406e015990534e43962a0d7d7f09e571a22ee6fb4a5f870ba2f6258bd3b4b0e9684d1172eb81ec9182bb632f84ecb86bda23d1ccda4c36cb72279f754c68884ea48d4300282428e58fbb94b7b6d460b075af729756723959cadb6bb7308b1f14d02299a7e9bd67e1921d4056c122bacdb4baf19c92aadcc1e240e8ff59bb10d6be1e68e9c92aa9910d3c9d8bacdccfc33660e554635bc0b2cc3e32af1c8bc2c187945368cf9e23fa3aaab7e84d5744934c73a7bf9d3dacee2c0558cc099b388cf2bef8379ee19b39d5e35b34c3d0069cd8bd423946390c8f8240c33bd8abedcffdf814e17be66a14077c6f7e988db6dc2b9173b112e9b8aa64bf4e1ee8a8d57637bfe8a925e2d4ecc460e2ab89d49241e36f21e1098a1b957351ccdf8e74be69de4d1bbfc5e4f9c9d13fc081de5d7cd66652b2e94de8266a9ae9c54ef9af7872333230ad535646eb6a53a970f4b6a803151e1e6d78128770b7c87fac706c1b5b695b1ff91e60dafc93fbe31fa6c7d3bca177053bf2992e2388984069f5df14034070ec9cee1111ed8cdf46118c9b0a27aa4f1f962f2f222a3c07f9ae78fb39d8715bcb354d0b9d0427b124b1ed04b14a8326ae13f1eb2d1f8274a88a3b6dd8a6a27f1f0bfa7fc34427fbf34f69d87ee3bcb15380a23035b0ab45b1ad4c3795b305b6c6ace9b172d3e5f21f181b1d8a70ebf56fd6e98c2cb322a6c870ebdc46ff9e44bcc27ec2c491d9c24f7cf094e835d8eb543f4770cdf3c3dcfd56d766f5dba20502187f6b4bbd3639cb8094eada29c899829c14d65ebb3b3ee6193d064c2c7c16969bb6a519c637c29378cefc04eba5dd582706d1ee81bf87872804a7a67bbfb4068bc1bebcd68e1f32cdd7a391b255bcb189d5a927f422220dccd5c2b454ec391641e417f6e1e106cbafeac55c7201337315b2a442c1acf84062f59631ef7d318e2e7be693cb780f1d91bab2eeda84ba9a33b4c3ff4ca316e1a5dc16cf1bfe7231d95acdc2541820eae759b3c55185cc513d34fff82aa3da784968f51b89b04228d735e3c362db9eb4602c3bc2199b221f8ff27a6bd3317e5cf44bed77e60ea9d7e69a16e5ae184925af669855bdd6e7773984f95d318587e2d9185c5ac8f43938f967412ee27eb3ae918505ec2ac55401dce0fdbccd1d7073645d7df338eb32c7a4eb07077934bad699cb1f7f2db906ab1ec0d2017ef8836e410729ba52d2f3cc3ea56bf6d29af4a1d75ebed192a38542094bc2b23c228996f927517da7301c624961433cda53ca078bc4935c7dbde280cb8149ded6146dc1f291c1edb02b7c5fdc0faf47249eba807c2caf0ef73e61418ff8d2d1e7018db4a8a0c0eaab874360d9f6c7ee25b3338df0c65935bfe227928f31a6a8e597559aed7fc608118673cee130ca7b9f54d2a2eb5ca913783b0effa7caeb3195e62551dfba014321e6e82e9a0bbfd90744b12378f77cab4eeeafb8baaca74f9d4f2ab3d8e9d800de1ad086f58937bc285464068fd18b779a56d10ce5ba65bb86034bbbe0665df0ef2bf28f307bfd2e363749c41ad99baa1d3701c94d447de7c14d071acf7597b38be43fc9058601694062d3ee19630dbeccb821ee63ccbe774c7dd7d2b13549408f87e570868bfe92ba40b2048056271d5257511e68d622200020f42b0a332c0e81ce788505ee814c95fc6e78e3e7bc9fa0f8da620dbdff89aa78244df4f2681a2d87b0ad3451074e79cc54da200ff7283b6717d7beedee9ef7dad8fdddfeafdc5124a529fd429947b44f41d39d16559185fe55a07b64485182e3372411172ec69c32e61d905d6e1a394f9782047dfc7de7bd5664c4edc7c25bc7e880fd623142d87f56053b1cb9336ef4491c3eae9e7c5750e3a49224e0dccedfee34fc86ecaef23443587c81e1815fbe7c27bcd978928a4c415d81525499f1519f77e52951de55dfff44b74f31083971766bfb7b8d08d61267d69e32c8ceaa749183a5e5eca4b6e5b0c2ac247b8b5933cc8103f02a3c69bb63089132739fb4263ca6f7f8f197fe864e4eb55c14cc906ddf2a55897250edbaa83d902dabe5e2edef37578194d1b85b975f7ce4e29500b7a34fdfba54d3dab3f0a348af539b9e0039fe26ffd09bbd10ce1f2eb1cd27aeb49a69a0659dbb66d19b52fd0285a60e07b457101fe3b7a3540970f3b35df16dccf1e931fb42f452482875fe830a2d4942b443995685f29aa8f176e1fd98050051ddfb58edfe3499e69fc1e1f9fac8dd542e83e09c080f02d6fe64059f3ab4aa122aec94477cef067e77eb38d99c6196c248d8ec1484ac254f1c3d81a80b77fdfb41a3d9d464d42c07a0414229d0135e7aa3ae70865c23ae12486f3216d2c329c5ba7bc56298e657983d952b11ae12cc3016b1469c8f71098d045d46263617a74a43c5793eca19a59c37586609bbf5aec8402e798d10f308b2ad4f8e6018f28ca954f0aed3fdfb82e7a463e9273fc1879154cb1b8e7350099c0202de5ebaa3d6c7baf46f37054bb8a855ce8213c25fb90786d5a403f6a7d923a2ccf1487e6087562b94c8fd0b30a90e32715c08e1fe004f1181b3beaa86beea1e5c2e93edf4f4c7d740c5e51f060c60afb0c04c46635ee68243f7c0a1ef2e18e7518fd19d18d3f36adedddfd977351882c1b6575cd39aa82ef861152b4edb5e1b218e64c88b750a2041698bd47703d48b4ff077b8d1f6eb8b2bd488ccfae7be7b6b37dc1639ce2a4f2b48b7866aeca21ef682539dc6584463da3929fb9eb9330e5507f74c4ce731a5adf494d0f74bab5e534a3ddb36a0f937ef531c853a1ee1777877875529f662bed67cb94ba29483d8b7388623a442034e7a1ebbf651cad25d2fc2d354cc04224be4193b87a59e4fab83029fed8d476d86b968550abfcb13d379c68649e6d8dda9c6b3a0a188af915f4d3ae9e7c9ee301a311d843c78b7c2e7c0d55edf0a5da19509c2308dbcff422dca3e3d56569c5094b30665c43cd65765091b19448a55a7aac7f237c862e307f6006342e6e061add7c939dc2ae9f48e25366b5e6712b702c8a87f7d221d9656703a5eed93373d199ee2c53ac0adb084a21288a999b505245d4a646a47b811dbd59fc35d6b1334e8e4c3e87a0399ba4b1c168eae59d3efac58f91b164b0ecc42f3e555ac861e86f0f2d9d18d59aa11a52afb991ea6e9c755bb6b0fe76f2fbbf8a1bbc006ad6114eb411ddc1b8a5c8f78f51ed3e574b31909538d007e8a56689e2a6ddfc9a7c4601e17779b84197ea2cf867cfda0a460da83b3a1a3e9097333390fc7383d40d1054ae460f15f189061bea715c779f03b00040e21232c7ae862920eaf8d9bc0a1b7b0dfe7674bf177d34315de53f49f8146f14ceb92e7b070d7e7868f53f89298cea91b2814b4d360ecc0140d145628a64336022b06cfbfb5abac153be83771025374cd9a2f8223ad0ad253451526658e7ce670d0f7ede85198115eaeddecebd4f51855b42215e76ce5753efc927785901bfa716188f9d7436b6335dc918261bfc434fd54c2cada8884ed785956e69f7da2f2673402f577d07d84dfb7accec9a894c2a0c358e964412e64c17b6b64f4ca925df7695363ba6b3c303185e4b4fd798938d36b9bb0d4d31720ceac3d5b2b11c0613185a09655535c6a2719916772e057c843eedf52d5a2fa1a7fa899a98a829035638facc7a0422f658df3d89960fc4993ab41fea4126a02e985bec4b7d093e138d9476cd539894e71bd3257432d5d153dda5581ad739388c93138abce1fb1a5fc315d9d8bf1c1b7dd8e4b6dc468750dea22972e2ff3448ec19fe72b9bc5bffe021608ff9975e4b835bc7b3847b5b19dc0ef9891bec1880dee38b2c29fad65d008a7f0d348b9c57f8dd96f7410d7780ce0cdffe5384cd98711f71c4a9f50b79de645fc2e89a4b52a629dd02a89e1c1faa7d45c94b6f6266ed3891c438a3380d0508eb6734e0bf955475b134117d3ce449deed56e2d72db138f1c954be27ad112c3efbe7871ded24dafbcbde4a2e86b098a3d5ef888658564333e3fa0ed1b3386cda35b1744c4e073a554de53274c5ce5747eddb85d73804437bb92b9d149ce8c6f6e56094e494ccef66787ec66bba809acdfa0e9b08baea4d91229f36d63bf850137dddb6cb88d5957ad74bc6a3392544b3a9215b30bf484afd76f755d3dd89147152b39a41983691e2565149c61133daec1bfba5213920c585eacf9cc97ed37b99ca36a3fdb4cc168ca8cd2d8b2ecbdedea9ccc6692a1ff6e89d4789b568e1e20b168bf101f2550cc5ef583ea3a34840f5db29f71b919f2369443e880770dd31e7a5334b46c27b0ec654e2f2b6a0edbbca18972abc955996c683f2b8c65b1d58f84943d26a919abb0cd4539b087d84d852c2477c63414c984c52bffa65d24a3ea382809f763bf259471fb91b97b225d8f186282c76ff74c50435451de1f7fa68a738c0a9bd5760fbd4accb9dbb5a620c11fcf0e2af44a5862ecc1ede2d3d376d7aa405e059adbc8acaf4ddfdc19419a7f3b55ea5c8d4c4e69bd816bb65d563381aae70b9f261878f4bbc85aafc085f6aaf771d337689036ce2e3dece6c227ff87da043466b7859d6da77e56068455b35ba9eade7d3e4a5da44d2edf5ea4001f33a110af7cc43636c504b3ff3b5a75fd69267e4496201106e1c3e42bd7b9f67c16ac02698f4be52a0f7dfed5eb7925dab74b318ecb697fd85d18a893219de1eec5f45e31dabcdce35434edd7021f3d6a2c74c4bfbb7eb6c4e5ae9a1208c1f7c04415929ca902701e1ba64e3acc4c09f21abaad88a55d7840bffa91a0c22901fc6a9c8189cfe48a1320206f3ee9b85b912b9ed1078a7c389f4b52c26382d1bfe7dc198735421393e0d63726a44fabffdba9a37431d375a545e8337eefaedcc43d0b3b2d05c29a64764d3d8c089221c337e858a71cd85dab86106ab9ca6131e866771622376dbba6a25cf94975c920d5185c76b7fe1d9f081e9bd0e27690c93eb475abe26a981d12206423fb1354b5820ad8c8d3f10ab217e32353bb21b9aac30eb3c324cbfb9bad50cf632cc4ab5b0081dd9945b3d31d8d55dba716d73b70d9f5191e68faf8460749a2c18329627d7a1d11c86a3ae8072ae76b42fa81df445a054071e263d488902e34d7bcd4a9b665ab973e81ddc2e591fedc4ddbc6a4ca20d367975877041d82373b7545914a396d60f76b6c2eb0e667afa6a7b96e0334a53a4cb9d3c0fb3790e72f958cba339daaa41f6369aa69821ee3bb7c34fe249fd61e4de56d111b8d8206881696239f59dcbfa571f9653c8511ced2006a161275ecfa5ad6a2f6c934d803f3d705595ead8683912415c64271fb12216284da712e8ac4a2a18efbdc61c3175b5b6f8cc2c007ebf686d6954418356b7c39d90cb67444df4c5b3f0fa4234e8a2aa7d1780c131ea32f2572eb48985eca8667a18497a5c7661161dda11e5a1e529fb858fb85f7af1ecda85c38206ab45ec4a185a3b1be1247bc6c186e99435e501f998c2efab0f915c09fc11bf2af249336768b86fb824025e8465049e9e2f56dd4189622891d1d6ddb6e1c0b7e7b31beacb7872289de950bcc8a1307a1e5afd3241b4245f67d9cb226d553bafdc8dea99ab6a2ad730b75a722865ccb3b4fdfbaeeed104f9b186de2eef2b435d0b240a482dd49490ea942a178ce7dbfdadba776d5e945fb756cfb8300964ab6ef7d90c98a3315cc3bafda63099fd22065116ccd5efa5c6a7eb4c3f6ce09b0905f3587f749a4fce2e4925217cfa7ccadff437748223b5cd2fd128877331cc59d5552540c9e226b79e8bf2312047db58fcc8f097c814898244df68f8646e5d1c04a813595b5475da36ccc0e673f2426a000c21860372d15f0fe44aa96919f17e08c1f37b3d504239c1e98bb4ca364ad839212c260d66550d3916362b2cbb64cea267322c828da13523539774be01ec92f22162ff8f968c15e3f96b3bb9d3e3debe3a554b0e0f71a55f1d76rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootapparmor-2.12-lp150.6.3.1.src.rpmapparmor-profilesconfig(apparmor-profiles)subdomain-profiles     /bin/shapparmor-abstractionsapparmor-parser(CAP_SYSLOG)config(apparmor-profiles)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.122.12-lp150.6.3.13.0.4-14.6.0-14.0-15.2-14.14.1[ZZ3@ZWQZN@Z@@ZZ@Y|YY{YǞ@Y@Yh@Yf@X[X~@X@X*XX6@XAXtX @Ww@W/@WDB@W@V @Ue@UU@UU~@U:0@U0U*^@UTgT!TܕTC@T6TT@T5ThTeT_W@TBV@T7@T2@T12T'@T @T TT@S@S/S@SES@S\S:@S5d@S*@SRRR۾@R@RR;R@Rt@RpRcR].@RH@R<8R6R2@R1RNR@R R QQQvwQZ@Q5@Q @PP@P@PaP\VP#@P`@Pw@O@O@O O@O O@O~O3@O'ON@NNN@N@NNNN@Ns:@NoENg\NRDN98@N7N7N"N|@NM@M2@M@M~@M~@MlMfH@Mc@M>@M>@M=iM=iM=iM<@M<@M9u@M5M,F@M,F@M*M%M@ME@L!L!L8L8L8L8L8L@L L+@L@L@LwPetr Vorel rgoldwyn@suse.comrgoldwyn@suse.comkukuk@suse.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.dergoldwyn@suse.comsuse-beta@cboltz.desuse-beta@cboltz.dergoldwyn@suse.comcoolo@suse.comjmatejek@suse.comsuse-beta@cboltz.dergoldwyn@suse.comsuse-beta@cboltz.dekukuk@suse.comjmatejek@suse.comsuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decrrodriguez@opensuse.orgrguenther@suse.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decbosdonnat@suse.comopensuse@cboltz.demeissner@suse.comopensuse@cboltz.dedimstar@opensuse.orgLed opensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dejfehlig@suse.comopensuse@cboltz.dedimstar@opensuse.orgjeffm@suse.comddiss@suse.comchris@computersalat.dechris@computersalat.delmuelle@suse.comlmuelle@suse.comopensuse@cboltz.deopensuse@cboltz.decoolo@suse.comopensuse@cboltz.deopensuse@cboltz.dedevelop7@develop7.infoopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deseife+obs@b1-systems.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dekkaempf@suse.comcoolo@suse.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dejengelh@inai.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decoolo@suse.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dewerner@suse.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.demszeredi@suse.czopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.demeissner@suse.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decoolo@suse.comopensuse@cboltz.deopensuse@cboltz.dejfehlig@suse.comopensuse@cboltz.dejeffm@suse.dejeffm@suse.defcrozat@suse.comandrea.turrini@gmail.comjeffm@suse.decoolo@novell.comopensuse@cboltz.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.derhafer@suse.dejeffm@suse.debwiedemann@novell.comjeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.decoolo@novell.comjeffm@suse.dejeffm@suse.dejeffm@suse.derhafer@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.deczanik@balabit.hujeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.de- Backport dnsmasq fix: 025c7dc6 ("dnsmasq: Add permission to open log files") dnsmasq-Add-permission-to-open-log-files.patch (bsc#1111345)- add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099)- Set flags for profiles represented by glob set-flags-for-profiles-represented-by-glob.patch (bsc#1086154) fix-regression-in-set-flags.patch - Add dovecot stats in dovecot profiles add-dovecot-stats.patch (bsc#1089787)- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is read-only and don't bail out (bsc#1069906, bsc#1074429)- add parser-write-cache-warn-only.diff to make cache write failures a warning instead of an error (boo#1069906, boo#1074429) - reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests" to avoid pulling in several Gnome packages on servers (boo#1067477)- update to AppArmor 2.12 - add support for 'owner' rules in aa-logprof and aa-genprof - add support for includes with absolute path in aa-logprof etc. (lp#1733700) - update aa-decode to also decode PROCTITLE (lp#1736841) - several profile and abstraction updates, including boo#1069470 - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12 for the detailed upstream changelog - drop upstreamed patches: - read_inactive_profile-exactly-once.patch - utils-fix-sorted-save_profiles-regression.diff - lessopen profile: change all 'rix' rules to 'mrix' - add 32-bit-no-uid.diff to fix handling of log events without ouid on 32 bit systems- update to AppArmor 2.11.95 aka 2.12 beta1 - add JSON interface to aa-logprof and aa-genprof (used by YaST) - drop old YaST interface code - update audio, base and nameservice abstractions - allow @{pid} to match 7-digit pids - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95 for the detailed upstream changelog - drop upstreamed patches - apparmor-yast-cleanup.patch - apparmor-json-support.patch - nameservice-libtirpc.diff - drop obsolete perl modules (YaST no longer needs them) - drop patches that were only needed by the obsolete perl modules: - apparmor-utils-string-split - apparmor-abstractions-no-multiline.diff - drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in apparmor_parser - refresh utils-fix-sorted-save_profiles-regression.diff - add aa-teardown (new script to unload all profiles) - make ExecStop in apparmor.service a no-op (workaround for a systemd restriction, see boo#996520 and boo#853019 for details) - lessopen profile: allow capability dac_read_search and dac_override, allow groff to execute several helpers (boo#1065388)- read_inactive_profile-exactly-once.patch (bsc#1069346) Perform reading of inactive profiles exactly once.- update to AppArmor 2.11.1 - add permissions to several profiles and abstractions (including lp#1650827 and boo#1057900) - several fixes in the aa-* tools (including lp#1689667, lp#1628286, lp#1661766 and boo#1062667) - fix downgrading/converting of 'unix' rules (will be supported in kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for upstream changelog - remove upstream(ed) patches - upstream-changes-r3616..3628.diff - upstream-changes-r3629..3648.diff - parser-tests-dbus-duplicated-conditionals.diff - apparmor-fix-podsyntax.patch - sshd-profile-drop-local-include-r3615.diff - refresh apparmor-yast-cleanup.patch - add utils-fix-sorted-save_profiles-regression.diff to fix a regression in displaying the "changed profiles" list in aa-logprof- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)- profiles-sockets-temporary-fix.patch to cater to nameservices with the new sockets mediation, until unix rules are upstreamed (boo#1061195)- add apparmor-fix-podsyntax.patch from mailing list to fix compilation with perl 5.26- do not require exact X.Y version of "python3" - require also matching python(abi) which is arguably more important- don't rely on implementation details for reload in %post- add JSON support. Required for FATE#323380. (apparmor-yast-cleanup.patch, apparmor-json-support.patch)- add upstream-changes-r3629..3648.diff: - preserve unknown profiles when reloading apparmor.service (CVE-2017-6507, lp#1668892, boo#1029696) - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) - update nvidia abstraction for newer nvidia drivers - don't enforce ordering of dbus rule attributes in utils (lp#1628286) - add --parser, --base and --Include option to aa-easyprof to allow non-standard paths (useful for tests) (lp#1521031) - move initialization code in apparmor.aa to init_aa(). This allows to run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser don't exist. - several improvements in the utils tests - drop upstreamed python3-drop-re-locale.patch - no longer delete/skip some of the utils tests (to allow this, add parser-tests-dbus-duplicated-conditionals.diff) - add var.mount dependeny to apparmor.service (boo#1016259#c34)- Cleanup spec file: - don't use insserv if we afterwards call systemd, this can have bad side effects - remove dead code - remove now obsolete 'distro' checks - Replace init.d script with new wrapper working with systemd- add python3-drop-re-locale.patch: remove deprecated re.LOCALE flag in Python UI as it was dropped from Python 3.6 (lp#1661766)- add upstream-changes-r3616..3628.diff: - update abstractions/base, abstractions/apache2-common and dovecot profiles - merge ask_the_questions() of aa-logprof and aa-mergeprof - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor - adjust deleting the cache in profiles %post to the new cache location - silence errors when deleting the cache (boo#976914)- split libapparmor into separate spec to get rid of build loop involving mariadb, systemd, apparmor, libapr and mariadb again (see the discussion in SR 448871 for details)- update to AppArmor 2.11.0 - apparmor_parser now supports parallel compiles and loads - add full support for dbus, ptrace and signal rules and events to the utils - full rewrite of the file rule handling in the utils - lots of improvements and fixes - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the detailed changelog - patches: - add sshd-profile-drop-local-include-r3615.diff to fix 'make check' - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed - refresh apparmor-abstractions-no-multiline.diff - refresh apparmor-samba-include-permissions-for-shares.diff - spec changes: - aa-unconfined switched to using ss (from iproute2), adjust Recommends: - move libapparmor to /usr/lib*/ - drop %if %suse_version checks for 12.x - change several Obsoletes from %version to < 2.9. Those package names weren't used since years, and 2.9 is still a careful choice - include apparmor.service independent of %suse_version - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires - drop latex2html, texlive-* and w3m BuildRequires - techdoc.txt and techdoc.html not included, drop them from the package - run most of utils/ make check (some tests expect /etc/apparmor.d/ and /sbin/apparmor_parser to exist, skip them) - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests) - drop sed'ing python3 into aa-* shebang (upstreamed) - build binutils - aa-exec is now written in C and lives in /usr/bin/, move it to the apparmor_parser package and create a compability symlink in /usr/sbin/ - aa-exec manpage moved to section 1 - aa-enabled is a small new tool to find out if AppArmor is enabled - package new aa_stack_profile(2) manpage- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/. This is part of the root partition (at least with default partitioning) and should be available earlier than /var/cache/apparmor/ (boo#1015249, boo#980081, bsc#1016259) - add dependency on var-lib.mount to apparmor.service as safety net- update to AppArmor 2.10.2 maintenance release - lots of bugfixes and profile updates (including boo#1000201, boo#1009964, boo#1014463) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression in aa-unconfined - drop upstream(ed) patches: - changes-since-2.10.1--r3326..3346.diff - changes-since-2.10.1--r3347..3353.diff - libapparmor-fix-import-path.diff (upstream fix is slightly different) - nscd-var-lib.diff - refresh apparmor-abstractions-no-multiline.diff- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed)- add changes-since-2.10.1--r3347..3353.diff with upstream changes and fixes in the 2.10 branch, including - allow writing *.qf files (for disk-based buffering) in syslog-ng profile - add several permissions to the dovecot profiles (deb#835826) - add a missing path in the traceroute profile- add changes-since-2.10.1--r3326..3346.diff with upstream changes and fixes since the 2.10.1 release, including - allow dac_override in winbindd profile (boo#990006#c5) - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since Samba 4.4.x, boo#990006) - abstractions/nameservice: also support ConnMan-managed resolv.conf - let aa-genprof ask about profiles in extra dir (again) - fix aa-logprof "add hat" endless loop (lp#1538306) - honor 'chown' file events in logparser.py - ignore log file events with a request mask of 'send' or 'receive' because they are actually network events (lp#1577051, lp#1582374) - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2) - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607) (libapparmor-fix-import-path.diff) - refresh apparmor-abstractions-no-multiline.diff - drop upstreamed profiles-ping-inet6-r3449.diff - add %check section - runs libapparmor (including swig bindings), parser and profiles tests - add BuildRequires: perl(Locale::gettext) - needed for parser tests- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)- update to AppArmor 2.10.1 (2.10 branch r3326): - fix incorrect output of child profile names (apparmor_parser -N) which caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950) - fix a crash in aa-logprof / logparser.py for change_hat log events (lp#1523297) and log events that look like file events, but aren't (lp#1540562, lp#1525119, lp#1466812) - write unix rules when saving a profile (lp#1522938, boo#954104#c3) - several fixes for variable handling in aa-logprof - map c (create) log events to w instead of a - add python to the "no Px rule" list in logprof.conf - let aa-logprof check for duplicate profiles - let aa-status work without the apparmor.fail python module (boo#971917, lp#1480492) - add permissions in several profiles (including boo#948584, boo#948753, boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and boo#921098#c15). - and many more fixes, see the full changelog at http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1 - drop upstream(ed) patches: - fix-initscript-aa_log_end_msg.diff - syslog-ng-profile-boo948584.diff - upstream-profile-updates-r3205-3241.diff - refresh patches: - apparmor-abstractions-no-multiline.diff - apparmor-samba-include-permissions-for-shares.diff - drop libapparmor autogen.sh call (broke the build) and remove libtool BR- add syslog-ng-profile-boo948584.diff - add several permissions needed by latest syslog-ng (boo#948584, boo#948753) - add upstream-profile-updates-r3205-3241.diff with several profile updates: - add /usr/share/locale-bundle/** to abstractions/base - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash - allow dovecot imap to read /run/dovecot/mounts - allow avahi-daemon to write to /run/systemd/notify - allow ntpd to read $PATH directory listings (boo#945592, boo#948752) - update dhclient profile - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568) - and some other small updates - drop upstreamed apparmor-winbindd-r3213.diff (included in the upstream-profile-updates patch)- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)- add apparmor-winbindd-r3213.diff - add missing k permissions for /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript output (boo#862170)- update to AppArmor 2.10 (trunk r3205) - profile names can now contain variables - improved profile compile time in apparmor_parser - lots of improvements, refactoring and bugfixes in the aa-* tools - new apis for managing and loading profile caches into the kernel in libapparmor - lots of profile updates - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the complete changelog with more details - add new apparmor_private.h and the aa_query_label(2), aa_features(3), aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages to libapparmor-devel - drop apparmor-2.5.1-edirectory-profile patch - it's most probably no longer needed (see boo#621394 for details) - drop upstreamed samba-4.2-profiles.diff - refresh apparmor-samba-include-permissions-for-shares.diff- systemd-rpm-macros and %systemd_requires were at the wrong place, move them to the parser package (boo#931792)- update to AppArmor 2.9.2 (2.9 branch r2911) - lots of bugfixes in the parser and the aa-* tools (including boo#918787) - update dovecot and dnsmasq profiles and several abstractions (including boo#911001) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the full changelog - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and apparmor-fix-stl-ostream.diff - replace GPG key with new AppArmor GPG signing key, see https://launchpad.net/apparmor/+announcement/13404- make sure %service_del_postun doesn't call systemctl try-restart (boo#853019, bare systemd edition) - add samba-4.2-profiles.diff: update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)- only install apparmor.service for openSUSE > 13.2- Add a native systemd unit which *at the moment* only wraps/masks the early boot script.- add apparmor-fix-stl-ostream.diff which fixes odd uses of std::ostream which are not valid. Fixes build with GCC 5- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)- add Requires: python3 to python3-apparmor package - readline isn't part of python3-base (boo#917577)- add apparmor-changes-since-2.9.1.diff with upstream fixes since the 2.9.1 release - update logparser.py to support changed syslog format (lp#1399027) - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles (lp#1296667) - update the mysqld profile - fix network rule description in apparmor.d(5) manpage - drop upstreamed dnsmasq-profile-fixes.patch - update expired GPG key- update to AppArmor 2.9.1 (2.9 branch r2831) - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368) - several fixes and performance improvements in the aa-* utils - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and bnc#908856), useradd, sendmail, man and passwd - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1 for full release notes - refresh dnsmasq-profile-fixes.patch- Fix dnsmasq profile to allow executing bash to run the --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt leasehealper script to run even on x86_64. dnsmasq-profile-fixes.patch. boo#911001- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the script filename- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs confinement. bnc#906858- delete cache in apparmor-profiles %post (workaround for bnc#904620#c8 / lp#1392042)- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.- fix bashism in post script- update to AppArmor 2.9.0 (r2759) - change aa-mergeprof to the final commandline syntax - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several bugs without a formal bugreport) - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java and user-mail abstractions - fix mod_apparmor to not break basic auth - update perl modules to support signal, unix and ptrace rules (bnc#900013) - don't warn about rules not supported by the kernel - fix logging of "audit capability" (lp#1378091) - add support for the "hat" keyword in apparmor.vim - build html version of apparmor.vim manpage again (lp#1366572) - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 - update apparmor-abstractions-no-multiline.diff - remove upstreamed apparmor-profiles-ntpd-pid-location.diff- add apparmor-abstractions-no-multiline.diff: change all multiline rules into one line. Needed for yast2-apparmor (bnc#900013)- add apparmor-profiles-ntpd-pid-location.diff to cover new ntpd pid location (bnc#899746)- update to AppArmor 2.8.97 (aka 2.9 beta3 aka r2721) - several bugfixes in python and C tools - rename "__unused" to "unused" in apparmor_parser to fix compilation on openSUSE <= 13.1 x86_64 (bnc#895495) - usr.lib.dovecot.auth profile: allow access to auth-token-secret.dat - various small profile improvements - update and add several testcases - drop upstreamed patch apparmor-profiles-dnsmasq-iface-mtu.patch - re-number remaining patches- split apparmor-profiles package into -profiles and -abstractions- update to AppArmor 2.8.96 (aka 2.9 beta2 aka r2652) - add unix abstract sockets, ptrace, and signal policy generation - several bugfixes in the python tools and elsewhere - move program-chunks/postfix-common to abstractions/ - drop upstreamed patches: - apparmor-profiles-clustered-samba.diff - perl-apparmor-fix-bare-network-keyword-handling.diff - perl-apparmor-handle-bare-capability-keyword.diff - perl-apparmor-properly-handle-bare-file-keyword.diff - re-enable installation of perl modules - move python modules to python3-apparmor package - create symlinks without aa- prefix only for tools existing in 2.8.x, but not for new tools added in 2.9 - make utils filelist explicit to ensure we have the right set of files without aa- prefix in sbindir - switch easyprof python module location to python3 - drop unused defines APPARMOR_DOC_DIR and JNI_SO - refresh patches: - apparmor-utils-string-split (file moved) - apparmor-profiles-dnsmasq-iface-mtu.patch - apparmor-2.5.1-edirectory-profile(prepared Thu Mar 20 23:35:03 UTC 2014 in home project) - update to AppArmor 2.8.95 (aka 2.9 beta1) - complete rewrite of the aa-* tools in python - new tools: aa-cleanprof, aa-mergeprof - extra profiles moved to /usr/share/apparmor/extra-profiles/ (bnc#713647) - and much more, but there's no upstream changelog yet - drop upstreamed patches and files: - usr.sbin.winbindd - usr.lib.dovecot.*, tunables-dovecot, apparmor-profiles-dovecot-bnc851984.diff - apparmor-init.py-gsoc.diff - apparmor-2.8.2-nm-dnsmasq-config.patch - add %bcond_with perl and disable the perl subpackage temporarily (the perl modules will be back in beta2) - drop the apparmorapplet-gnome, apparmor-dbus and profile-editor subpackages (they were disabled since a long time, and upstream no longer ships their code) and the apparmor-profile-editor.desktop and apparmor-profile-editor.png files - drop apparmor-utils-subdomain-compat patch (was only included for <= 12.1) - remove libimmunix Provides/Obsoletes (libimmunix was a compat wrapper and got finally dropped) - refresh apparmor-samba-include-permissions-for-shares.diff and apparmor-2.5.1-edirectory-profile- add apparmor-profiles-dnsmasq-iface-mtu.patch to allow dnsmasq read access to interface mtu in /proc/sys/net/ipv6/conf//mtu (bnc#892374)- usr.lib.dovecot.auth: add '/etc/dovecot/* r' to allow reading plaintext password files (bnc#874094)- Rename rpmlintrc to %{name}-rpmlintrc. Follow the packaging guidelines.- add perl-apparmor-fix-bare-network-keyword-handling.diff: perl-apparmor: Fix handling of network (or network all) (bnc#889650) - add perl-apparmor-handle-bare-capability-keyword.diff: perl-apparmor: Fix handling of capability keyword (bnc#889651) - add perl-apparmor-properly-handle-bare-file-keyword.diff: perl-apparmor: Properly handle bare file keyword (bnc#889652)- add apparmor-profiles-clustered-samba.diff to permit clustered Samba access to CTDB socket and databases (bnc#885317)- fix problems with dovecot and managesieve * usr.lib.dovecot.managesieve-login: network inet6 stream * usr.lib.dovecot.managesieve: +#include /usr/lib/dovecot/managesieve { [#]include + capability setgid, + capability setuid, + network inet stream, + network inet6 stream, + @{DOVECOT_MAILSTORE}/ rw, + @{DOVECOT_MAILSTORE}/** rwkl,- add #include to usr.lib.dovecot.auth- update usr.sbin.winbindd profile (bnc#870607) - restrict rw access to /var/cache/krb5rcache/ instead /var/tmp/- update usr.sbin.winbindd profile (bnc#870607) - treat passdb.tdb.tmp as passdb.tdb - allow rw access to /var/tmp/- add Recommends: libnotify-tools to apparmor-utils (aa-notify -p needs notify-send)- update to AppArmor 2.8.3 (r2122) bugfix release - fix some cache clearing bugs in apparmor_parser - various fixes in mod_apparmor - several profile updates, most of them were already included as patches (except abstractions/winbind (bnc#863226), abstractions/fonts and abstractions/p11-kit) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_3 for all details - update partially upstreamed apparmor-2.8.2-nm-dnsmasq-config.patch - remove upstream(ed) patches - apparmor-2.8.2-fix-ntpd-profile.diff - apparmor-abstractions-r2089-r2090.diff - apparmor-abstractions-ssl_certs.diff - apparmor-fix-url-in-manpages-r2093.diff - apparmor-no-perl-smartmatch-r2088.diff - apparmor-profiles-dnsmasq.diff - apparmor-profiles-ntpd-r2103.diff - apparmor-profiles-samba-create-dirs.diff - apparmor-profiles-samba4.diff - apparmor-unconfined-lang-r2094.diff - apparmor-utils-po-de-r2091.diff- use current ruby macros, the rb_sitearch is obsolete since at least 12.1- update apparmor-2.8.2-nm-dnsmasq-config.patch - allow access to pid file and supplemental config directory (by develop7) - update apparmor-profiles-dovecot-bnc851984.diff: - do not add access to @{DOVECOT_MAILSTORE} - not required by the main binary - add abstractions/mysql - allow execution of some more /usr/lib/dovecot/* binaries - better restrict access to /var/spool/postfix/private/ - update usr.lib.dovecot.auth to allow to read mysql config files - update usr.lib.dovecot.dict and usr.lib.dovecot.lmtp: add abstractions/nameservice instead of allowing more and more files- add Recommends: net-tools to apparmor-utils (needed by aa-unconfined) - update usr.lib.dovecot.lmtp (add /proc/*/mounts, /tmp/dovecot.lmtp.*, /{var/,}run/dovecot/mounts, deny capability block_suspend)- add apparmor-2.8.2-nm-dnsmasq-config.patch - allow dnsmasq read config created by recent NetworkManager (see http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d82669d3fdaa7ec70ef1b64941c101ac810c394b for update details)- add apparmor-profiles-samba-create-dirs.diff to allow samba to mkdir /var/run/samba and /var/cache/samba (bnc#856651) - add abstractions/samba to usr.sbin.winbindd profile - add capabilities ipc_lock and setuid to usr.sbin.winbindd profile (bnc#851131) - update dovecot profiles to support dovecot 2.x, and add profiles for the parts of dovecot that were not covered yet (bnc#851984) NOTE: Please adjust /etc/apparmor.d/tunables/dovecot to your needs. (apparmor-profiles-dovecot-bnc851984.diff, usr.lib.dovecot.*) - %restart_on_update (in parser %postun) is "translated" to stop/start by the systemd wrapper, which removes AppArmor protection from running processes. Fixed by using a custom script instead (bnc#853019) NOTE: The %postun from the previously installed apparmor-parser package will remove AppArmor protection from running processes a last time. Run aa-status to get a list of processes you need to restart, or reboot your computer. - reload profiles in %post of the apparmor-profiles package- add apparmor-abstractions-ssl_certs.diff to allow access to certificates in /var/lib/ca-certificates/ (bnc#852018)- add apparmor-profiles-ntpd-r2103.diff with updated driftfile location for ntpd (bnc#850374)- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile updates for samba 4.x and kerberos (bnc#846586#c12 and #c15)- add apparmor-profiles-dnsmasq.diff - add missing permissions for libvirt-generated files to dnsmasq profile (bnc#848215)- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile updates for samba 4.x (bnc#846054#c5)- add apparmor-profiles-samba4.diff - various profile additions for samba 4.x (bnc#845867, bnc#846054) - update usr.sbin.winbindd for samba 4.x (bnc#845867, bnc#846054)- update apparmor-init.py-gsoc.diff to the final GSoC apparmor/__init__.py- add apparmor-fix-url-in-manpages-r2093.diff: fix URL in manpages - add apparmor-unconfined-lang-r2094.diff: fix aa-unconfined to work in all languages- fix ntp by allowing read access to openssl.cnf- add apparmor-utils-po-de-r2091.diff: fix some (mis)translations- add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch) - p11-kit needs access to /usr/share/p11-kit/modules - allow reading /etc/machine-id in the dbus-session abstraction - add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for the new tools developed in GSoC- add apparmor-no-perl-smartmatch-r2088.diff: ~~ was marked as experimental in perl 5.18 again - use grep instead (upstream 2.8 branch r2088) - fix ruby requires- update to AppArmor 2.8.2 - several fixes for python3 compability - various profile improvements: - various additions to abstractions/fonts - move poppler's cMaps from gnome to fonts; gnome includes fonts - deny @{HOME}/.gnome2/keyrings/** to abstractions/private-files-strict - add read access to @{PROC}/sys/vm/overcommit_memory to abstractions/base (bnc#824577) - update pulseaudio directory and cookie file paths - add missing permissions to the nscd profile (bnc#807104) - deny capability block_suspend to nscd (bnc#807104) - MariaDB compatability in abstractions/mysql (bnc#798183) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_2 for all details - removed upstream(ed) patches - apparmor-abstractions-mysql-path.diff - apparmor-profiles-nscd.diff - apparmor-python3-r2052.diff- swig for python3 is broken on openSUSE 12.2 - build python-apparmor (for python2) instead on 12.2- add python3-apparmor subpackage (currently py2 OR py3 package can be build, but not both at the same time) - add upstream apparmor-python3-r2052.diff to fix various python3 issues- Ruby 2.0 mkmf gets the path to ruby.h wrong (bnc#822277)- do not package directories as %config - especially not as noreplace- enable python and ruby subpackages (using %bcond_without) - update/fix paths in %files for python and ruby subpackages- add Requires: insserv to parser package (needed by initscript)- nscd profile: add missing permissions and deny capability block_suspend (bnc#807104, apparmor-profiles-nscd.diff)- Add missing files to SRPM (bnc#777471)- update abstractions/mysql with correct paths and add MariaDB paths (bnc#798183)- update to AppArmor 2.8.1 (=2.8 branch r2069) Bugfix release, http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_1 Most important changes are: - add various missing parts to profiles and abstractions - fix a possible x conflict with hats or child profiles in apparmor_parser - fix and speedup stdin handling in aa-decode - various other bugfixes - add pkgconfig support to libapparmor - remove upstream(ed) patches- verify tarball with gpg-offline- fix directory flags for /etc/apparmor.d to be in sync between - parser and -profiles subpackage- remove %stop_on_removal for no longer existing aaeventd (bnc#781564) - don't hide TeX output when building the parser and techdoc- clear and update inconsistent profile cache (bnc#774529)- abstractions/bash: update /bin/ls to also match /usr/bin/ls (usrMerge)- Add required fonts for new TeXLive 2012- update /bin/ping profile to also match /usr/bin/ping (usrMerge)- update to AppArmor 2.8.0 (= r2047) - new utility aa-easyprof - templated profile generation tool (the resulting profile may be less strict than profiles generated with genprof/logprof) - various small bugfixes - removed upstreamed patches- add apparmor-techdoc.patch to remove traces of the build time in PDF files- update to AppArmor 2.8 beta5 (= 2.7.103 / r2031) - new utility aa-exec to confine a program with the specified AppArmor profile - add support for mount rules - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8 for full upstream changelog - removed upstreamed and backported patches - remove outdated autobuild and "disable repo" patches that were disabled since the AppArmor 2.7 package - create the Immunix::SubDomain compat perl module only for openSUSE <= 12.1 (bnc#720617 #c7)- replace patch for dnsmasq profile with upstream patch (bnc#738905)- add apparmor-r2022-log-parser-network-bnc755923.patch - logprof didn't create network rules because of changed log format (bnc#755923, lp#800826) - add profile for samba winbindd (bnc#748499)- fix dnsmasq profile (bnc#738905)- add 0001-fix-for-lp929531.patch to allow reading /sys/devices/system/cpu/online in abstractions/base (lp#929531)- Update to AppArmor 2.7.2 (= 2.7 branch / r1894) - move various permissions from httpd2-prefork profile to abstractions/apache2-common. Backward-incompatible change: *.htaccess files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5) - allow various .conf files for dovecot (lp#458922) - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files and abstractions/private-files-strict (lp#911847) - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files to use ~/.kde4, not only ~/.kde (bnc#741592) - block write access to ~/.kde{,4}/env in abstractions/private-files (lp#914190) - allow write access for personal dictionary etc. in abstractions/aspell (lp#917859) - when using genprof for a script, include read access to the script itsself - automatically include abstractions/python or abstractions/ruby for python/ruby scripts - add profile for smbldap-useradd and allow smbd to call it (bnc#738041) - allow creation of the .config directory in abstractions/enchant (lp#914184) - allow TFTP read-only access in dnsmasq profile (lp#905412) - allow capability dac_read_search for syslog-ng (bnc#731876) - add p11-kit abstraction and include it in abstractions/authentification (lp#912754, lp#912752) - add audacity to abstractions/ubuntu-media-players (lp#899963) - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and /dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831, lp#890894, lp#890894, lp#884748) - fix typo for multiarch gconf-modules in abstractions/base (lp#904548) - allow avahi to do dbus introspection (lp#769148) - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992) - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062) - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in abstractions/cups-client (lp#887992) - allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in abstractions/python (lp#860856) - various updates to the sshd profile (lp#817956) - (and some more changes I already included in the apparmor-2.7-branch.diff)- Update to AppArmor 2.7.0 (= r1858) - make traceroute6 work (bnc#733312) - allow access to pyconfig.h in abstractions/python (lp#840734) - fix logprof/genprof for hex-encoded program filenames (= filenames containing space etc.) - add apparmor-2.7-branch.diff with some upstreamed fixes: - usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041) - create /etc/apparmor.d/tunables/multiarch.d as directory, not as file - fix syntax error in abstractons/python- changed a $ -> % (typo)- package subdomain.conf only in -parser, not in -utils package - package libapparmor.so and libimmunix.so only in libapparmor-devel, not in libapparmor1 - make Provides for perl-libapparmor versioned to avoid self-Obsoletes - move libapparmor.a and libimmunix.a from libapparmor1 to libapparmor-devel package- update to AppArmor 2.7.0 rc2 Most of the changes since rc1 were already included as patches. Additional changes: - fix logprof/genprof to recognize "mknod" in audit.log - fix libapparmor python bindings to compile with python 3 - fix wrong status message in initscript if apparmor-utils are not installed - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS - fix some warnings in utils/Makefile - remove 4 upstreamed patches - remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now - update line numbers in 2 patches- make abstractions/winbind working on 64bit systems - allow loading the libraries for samba "vfs objects" also on 32bit systems (bnc#725967)- allow loading the libraries for samba "vfs objects" (bnc#725967)- include autogenerated profile sniplet for samba shares (bnc#688040) - more helpful error message for "aa-notify -p" if the user is not in the configured group- update to AppArmor 2.7.0 rc1 - aa-notify: add --display option and warn if $DISPLAY is not set (important for usage with sudo on openSUSE) - fix syntax error on "rcapparmor stop" - allow read access to /proc/*/mounts in the dovecot profile- add patch with upstream changes since 2.7.0 beta2 release - add example parser.conf - print warning if profile cache directory doesn't exist - remove initscript for no longer existing aa-eventd (bnc#720617) - set correct $HOME in aa-notify - enable caching of profiles (= massive speedup) (bnc#689458) - add comments for patches in .spec and comments in some patches - run spec-cleaner- add libtool as buildrequire to make the spec file more reliable- update to AppArmor 2.7.0 beta2 - includes fixes for bnc#717707, bnc#678749, bnc#685674, bnc#679182, bnc#691072, bnc#705319, bnc#713728 - add some missing perl module Requires to perl-apparmor- update to AppArmor 2.7.0 beta1, for details see http://wiki.apparmor.net/index.php/ReleaseNotes_2_7 - removed lots of patches I pushed upstream - disabled apparmor-2.5.1-unified-build (patch to use automake, does not apply to 2.7 and probably won't be accepted upstream) - disabled build of tomcat_apparmor (doesn't build, deprecated upstream) - run spec-cleaner - remove *.la files - move usr.sbin.nscd profile back to apparmor-profiles package- Update patch apparmor-profiles-usr.sbin.dnsmasq to include /var/lib/libvirt/dnsmasq/*.leases (bnc#694197).- install SubDomain.pm compat module (bnc#713408)- Update to 2.6.1. - One patch eliminated - Lots of minor fixes - Split out more common abstractions - Add check_for_apparmor() helper.- dhcpd: Fix apparmor profile (bnc#692428)- Add apparmor-securityfs-systemd.patch: do not mount securityfs when running under systemd, just access the directory, systemd will automount it (bnc#704460).- Fixed typos in descriptions and summaries of apparmor.spec- Fixed building of pam_apparmor to properly link libpam (bnc#696553). - Fixed building of apache2-mod_apparmor to properly link (bnc#701821).- move the requires and prerequires to the right package- make the -doc and -profiles subpackages noarch (again)- Added alias from Immunix::SubDomain to Immunix:AppArmor to allow older users of perl-apparmor to work properly.- Properly re-created links to old utility names.- Added /etc/ethers and /var/run/dnsmasq-forwarders to usr.sbin.dnsmasq (bnc#678749)- Update to 2.6.0 - 19 patches eliminated - Lots of minor fixes. - Split out more common abstractions - Added more local includes- Additional libvirt related fixes in usr.sbin.dnsmasq (bnc#675867)- Added 'network packet raw' to dhclient profile.- Add Requires for used perl packages (bnc#670650).- Updated dhclient profile and added dhclient-script profile (bnc#561152).- Added ability to completely disable repositories.- Properly indent sub-profiles after genprof completion (bnc#480795).- Inherit flags in sub-profiles when generating profiles (bnc#496204).- Stop treating profiles shipped with the package as config files. - /etc/apparmor.d will still be treated specially. - Add support for parsing network operation events (bnc#665483)- Fix for sbin.klogd profile using kernel versions >= 2.6.38-rc1.- Update to apparmor-2.5 r1445. - Includes 3 of the fixes below. - Several testsuite fixes. - Update for Thunderbird profile.- Add support for libvirt in usr.sbin.dnsmasq (bnc#666090)- fix rm call for nscd profile to avoid file conflict- profiles: Add openssl abstraction (bnc#623886).- Added support for sys_nice to ntpd profile (bnc#657054).- apparmor-utils: Support newer auditd formatted messages. - Fix two x transition conflict bugs. (bnc#662928)- Splitted ldap related things from nameservice into separate profile and added some missing paths (bnc#662761)- Fixed pod2man macros with older versions of GNU make- Fixed building of perl and ruby SWIG modules. The former is required for apparmor-utils to work properly.- Fixed use-after-free issue in apparmor_parser.- Added fixes for logprof issuing uninitialized variable errors while encountering audit messages for unconfined processes.- Updated cupsd profile (bnc#539401)- Fix {proc} vs {PROC} macro usage in firefox profile (bnc#436262)- Added support for eDirectory nameservice (bnc#621394)- Fixed incorrect /proc/*/sys usage in usr.sbin.ntpd profile (bnc#634801)- Added fix for another case of whitespace affecting profile removal (bnc#510740)- Added support for unified build, which massively simplified the packaging.- Fix for syslog-ng profile to allow upgrade to v3.2 - add mysql support to syslog-ng profile- Added support for enabling/disabling the module automatically during installation/removal (bnc#623246)- Converted archive to tar.bz2.- Updated to 2.5.1-final. - Lots of testcase updates.- Initial packaging of AppArmor 2.5 - Now contained in a single archive so built from a single spec file/bin/shsubdomain-profileslamb20 1542900564  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~2.12-lp150.6.3.12.12-lp150.6.3.12.122.9apache2.dphpsysinfobin.pingREADMEbin.pingsbin.klogdsbin.syslog-ngsbin.syslogdusr.bin.lessopen.shusr.lib.apache2.mpm-prefork.apache2usr.lib.dovecot.anvilusr.lib.dovecot.authusr.lib.dovecot.configusr.lib.dovecot.deliverusr.lib.dovecot.dictusr.lib.dovecot.dovecot-authusr.lib.dovecot.dovecot-ldausr.lib.dovecot.imapusr.lib.dovecot.imap-loginusr.lib.dovecot.lmtpusr.lib.dovecot.logusr.lib.dovecot.managesieveusr.lib.dovecot.managesieve-loginusr.lib.dovecot.pop3usr.lib.dovecot.pop3-loginusr.lib.dovecot.ssl-paramsusr.lib.dovecot.statsusr.sbin.apache2usr.sbin.avahi-daemonusr.sbin.dnsmasqusr.sbin.dovecotusr.sbin.identdusr.sbin.mdnsdusr.sbin.nmbdusr.sbin.nscdusr.sbin.ntpdusr.sbin.smbdusr.sbin.smbd-sharesusr.sbin.smbldap-useraddusr.sbin.tracerouteusr.sbin.winbinddsbin.klogdsbin.syslog-ngsbin.syslogdusr.bin.lessopen.shusr.lib.apache2.mpm-prefork.apache2usr.lib.dovecot.anvilusr.lib.dovecot.authusr.lib.dovecot.configusr.lib.dovecot.deliverusr.lib.dovecot.dictusr.lib.dovecot.dovecot-authusr.lib.dovecot.dovecot-ldausr.lib.dovecot.imapusr.lib.dovecot.imap-loginusr.lib.dovecot.lmtpusr.lib.dovecot.logusr.lib.dovecot.managesieveusr.lib.dovecot.managesieve-loginusr.lib.dovecot.pop3usr.lib.dovecot.pop3-loginusr.lib.dovecot.ssl-paramsusr.lib.dovecot.statsusr.sbin.apache2usr.sbin.avahi-daemonusr.sbin.dnsmasqusr.sbin.dovecotusr.sbin.identdusr.sbin.mdnsdusr.sbin.nmbdusr.sbin.nscdusr.sbin.ntpdusr.sbin.smbdusr.sbin.smbldap-useraddusr.sbin.tracerouteusr.sbin.winbinddextra-profilesREADMEbin.netstatetc.cron.daily.logrotateetc.cron.daily.slocate.cronetc.cron.daily.tmpwatchsbin.dhclientsbin.dhclient-scriptsbin.dhcpcdsbin.portmapsbin.resmgrdsbin.rpc.lockdsbin.rpc.statdusr.NX.bin.nxclientusr.bin.acroreadusr.bin.aproposusr.bin.evolution-2.10usr.bin.famusr.bin.freshclamusr.bin.gaimusr.bin.manusr.bin.mlmmj-bounceusr.bin.mlmmj-maintdusr.bin.mlmmj-make-ml.shusr.bin.mlmmj-processusr.bin.mlmmj-receiveusr.bin.mlmmj-recieveusr.bin.mlmmj-sendusr.bin.mlmmj-subusr.bin.mlmmj-unsubusr.bin.operausr.bin.passwdusr.bin.procmailusr.bin.skypeusr.bin.spamcusr.bin.svnserveusr.bin.wiresharkusr.bin.xfsusr.lib.GConf.2.gconfd-2usr.lib.RealPlayer10.realplayusr.lib.bonobo.bonobo-activation-serverusr.lib.evolution-data-server.evolution-data-server-1.10usr.lib.firefox.firefoxusr.lib.firefox.firefox.shusr.lib.firefox.mozilla-xremote-clientusr.lib.man-db.manusr.lib.postfix.anvilusr.lib.postfix.bounceusr.lib.postfix.cleanupusr.lib.postfix.discardusr.lib.postfix.errorusr.lib.postfix.flushusr.lib.postfix.lmtpusr.lib.postfix.localusr.lib.postfix.masterusr.lib.postfix.nqmgrusr.lib.postfix.oqmgrusr.lib.postfix.pickupusr.lib.postfix.pipeusr.lib.postfix.proxymapusr.lib.postfix.qmgrusr.lib.postfix.qmqpdusr.lib.postfix.scacheusr.lib.postfix.showqusr.lib.postfix.smtpusr.lib.postfix.smtpdusr.lib.postfix.spawnusr.lib.postfix.tlsmgrusr.lib.postfix.trivial-rewriteusr.lib.postfix.verifyusr.lib.postfix.virtualusr.lib64.GConf.2.gconfd-2usr.sbin.cupsdusr.sbin.dhcpdusr.sbin.httpd2-preforkusr.sbin.imapdusr.sbin.in.fingerdusr.sbin.in.ftpdusr.sbin.in.ntalkdusr.sbin.ipop2dusr.sbin.ipop3dusr.sbin.lighttpdusr.sbin.mysqldusr.sbin.nmbdusr.sbin.oidentdusr.sbin.popperusr.sbin.postaliasusr.sbin.postdropusr.sbin.postmapusr.sbin.postqueueusr.sbin.sendmailusr.sbin.sendmail.postfixusr.sbin.sendmail.sendmailusr.sbin.smbdusr.sbin.spamdusr.sbin.squidusr.sbin.sshdusr.sbin.useraddusr.sbin.userdelusr.sbin.vsftpdusr.sbin.xinetd/etc/apparmor.d//etc/apparmor.d/apache2.d//etc/apparmor.d/local//usr/share/apparmor//usr/share/apparmor/extra-profiles/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:9211/openSUSE_Leap_15.0_Update/f6d04c4b4c79c0b3afe4954b87a1310a-apparmor.openSUSE_Leap_15.0_Updatecpioxz5x86_64-suse-linuxdirectoryASCII textC source, ASCII textC source, UTF-8 Unicode text苔a]} $+.utf-835200aef461c725c2d0b4a01a2057ca7a8630ac4aa066a9f74521489cfe9beff?7zXZ !t/Cd] crt:bLL GD c pw­OMy:2:Б$o\H +`[ݹ9ϞF[ q`ȘNڕSLNpgCBBsW ^.q&Hr]یb=Ig55S Wڬ J\=xpE>;lfRй.A=AoM ՠgr*uAqİlWuL60 'x#Tg˘"g<Z(S\8: {hA?ϟ{0r sK5_5lNs=AWoԇ ~*JyZe,CiWg. XF|B7dwFmf|Ee)N{z`mpNf=I=] µ/mz!e[hF>dM]7Nb)]yn%rjaX'2 ǒM.VrwoM2='/߆uVGP'vS0k)^(ȇ?!&Eۢnvxdt jA/ ocBN!&-aqQ!0R}/<WFêCkl_=Y>lvÜ;&8/ǁƁ%u~BKPcT8G4 _k %J;(;5XSҌH<,w^\%_bNPOss!D2lrDm7N&'>0zT (y ]S_)NWj>ėdz;G/҄ڙd 0xp~|8e1Y S7>P=Ҩ+/f~p3* ':HI/71Ejm\ɛ=_/u=^d*^elOT]_D3!@'۞\W: UcL#]qz Mp詰m=9/jT1S걤JiV2!$u~wlVVj2{`\I.P+5EgPkuʡUQ׎fs` 1Z0u׹3E0yĿn/DOP!38]I ؇p׌^>| /l. ]6<ٴUNZ()k/#5L \C|6z/9AQ=35Hhrm)Z󑇲lJ>봅?њHE @= PhDS\Iވ#/Lcݧ `Q*Ya9SG!{%=v>˪$Dw4٣i9!EAK{'5~4p u^woBoH~=TU+@X:gosF]Gv$UᚎFGk| #E3# paA !aK݊c45wo,fz/wayFPjvjsF ^:Û &}8|2%7fӍnwt 'uMbpZD,jjfaٽRõf L0Oū3^gG *g>knBrYgOlRCӦyȈWEX/TSmShRV (6\5 #!ĺpYX.dL1ҏ,m"JCv7 Rݦ1C/ <prn ?ސBR o:{ʗ^uv=<>pa: '{1=#/DP ̃I&WP{ɐ1\J ~H0)yebPPq{0c|(lǥd=3S c,oN`P=Gھ;-u#緤İ_)moS1&زW"=&^iun+ژ ޝ\ Gjڪ8If|!wHlbPw^|dR-vZhchgla l!tݡjYXzܢg{Y=#HU˄/v kCfP7 g*:6Pdx>Q0_QU;zh̷i6]Uu%P;="StcJɯ(njB':K p 9_Rx;TWa9sfp/]hlyTP׉وgH9&6R:>Ș6m!eF"ZLhrGb{V Qvkp߮ { z Cȇw]Qd:Q>@jO w`p+hywz*2& @2wė w`1z -f8xOp`FcA>NY{ Q c̦F4$}kbбy΀Є1nn_ᗝ}kk$4#4qed=F6hZY_|!my0™ֽi1:JdHxtq4Y?uG#9ȱ$-OcE),#EC(70:-FY^9Pb ۔mqvA;lki~j֯Վ*"zS{\=( nۯQK|a#RH}L/\tAX׎w7؆c:t[9~2|\R3qsrly`jf ϥQ)#kȚq$jL,G3{)4s'3UO)ͯia&z\O/eԭDYR"E82x'Τn/'PWu|5RSXM4GQ>>GBtp">Fdž ޵2@@P%dc=R5Ho-y],=lJ-1|EɾNL(}J,GA=VO01j0%.4f dGr1*MGYyGkUd֙nGƌ9W䷹sG5lWBj$i8NnTᅳPrYqUB: P!N^CYy\j.,Jo7x,(kYXӾb7A 7vt_?QP,؅9df$h#"G2UZ_Tī*` X#c˱}-4gYEcJ'M&joy, z[&~:Yꬪ:|߆ps^5Q΋s㪿 n;!=sgÉ Z+iWs"G3J'aξ~@5bEUpxUwH[h\Ki&{D}Je+,r"NipWofcdb@O;p+ ( o!~Q&|/Zӗ~EQ5=ÀtTiҌd1թIɛajO~ mC$Ic!U)ךZ5eACL 7+tl@g>ozɔt{a7";hRbȃIؕ@(?p|Я6Q͌X tBۯŪi8G)wGv='Xԓ9^nQp|B#8㪄+Ai3؎+C=oez[? }t)$VDq?\W&2a=]|OKkx%R|LYs^k̀3"lte|yCCۺrž՛m;dOs'v~W⡎+i4**h=gN!u.A vRGx,B>ͤ^u-Nc(s6 _e>qӏƇxh\?:^6U~AؕHƼUc,>dhy#CV&],$)%8\a%g&{ANl4&ȥ 9_[wj c?vFA0<QvU ?b8jw&1Akry\.a]zzu/]],`!F\Z?AP?J4AeKMm3bxyփ,T R/ u`꒪a)u춀l;8b=QZ+7vuKhr>2ԜX{HjAn}FrOBzׁ{: G&YυRт֑y.qp D/\h"-=) ,pD 3.x{{e[٪+Ľ`7NR8*ZbNeޤ ]JX-x 8d1UԼ{*!ƃeYI~IWՎWs_dR&]+rVw4YV")fS$%`U.ʹuR^I 4Ӓ[ gkc-aXۼk9{+ lWxq# uG?gH)TJw+h7InO {a i~+s903d~2|G?#%;!CWh2CW:S>^f`뤢hޔB8<$P@}dU2gMN'nl N:N*骷7Ĝe'2޴=^oִ|lOdVU!lݺT@\4BN0t8A=Q[zԁK0%};hIjsT%88MCds[;da0یjV/UhMɶP+⅒}:m/_ms#CﲉIA:Ihs\z0E2\1B9H2.s$IVN7FN~o׳B0jkB/N8# &PJ&/1ܯ52_OxmI ~k@h{"qc+ҚW&Ei$ gdАFE Sw)4fJMrX:t| A6;gUڨ|u&"Ne={kA7Fӽv 1= +# z^dٝI2vVtSGyc>#\1܅ f% 5F=Gu:jI:9miC ͺ>V[C հfNF'f'ɭ(.Y>-2'lc4q9LABWvbZl ۅ_3'~X4١*[;Qc&-+kv@D&pۦ_ .ˑ;1$J$Lg+Md6Mv@yN|scPK[||𞓒\IXV03l̥3{w4@4ӏOB3R5w~3T@CBĬ"faE!ym͒"&{C$ ,H(̹$!D?b5ט#b5<g|edFli\c uǞmIËFoa?=*fPv'w}#K@{34VbZ0rÈKW5\l?,4G,܄sT괿zpI3G[ɢ֖oX'+͚^'nk`<KY, VٽRg™u\O)p;)+)֪iPDFpڜe?(3!vgܶ k]ӄb8LXgU<'#tk(Mcg{8K`M.}?*246uV xkP ٨Rߥ!|CՅ󯏧 Ӽa7A?*)// $olׂC D;ئ(Kw5.[t('9MV6R5oC3'Dfgn)=*uR&?`f>O,kzU7< yآF7;eL)(Tv$W*'gX識t 8\T0dǻp, 80-yq Vf( fHv5u4"D,,,if"lesɕUgkhz7WY}f0U!0ٮy&w3&EVcX:Pa9eﵫAD#&,Q\R+]\Yyf&UY=z s Ȉgn 7XB\u⃶j>̥_{_MZb5~{4 Q‰+b -%ۉSZU`VD0Oa-gY3]τZF1c8^eglInxcK'S*\\r^0Ta+*5:{.IZ ?aqhYlbY$6F0 _y^p;uF h7[P +hM:}m*xNyb3 4{ ½4غCgb\ H.K7!a9xa}bW+k._ӨFuMHo[=jAq3;"k UPō2 ?1;-X-aTeBKӹWJyjU JE@/ U妴 A $œhUʑ D|DZ$oS.-`+s?*5]أz[ދCGYmj>+6lXb)X+oͧwCR" tYb g# TuU~I +t' ʹľ ^ tXv9&0uK$nZ ɤ6琺>7'v_VăHdc%'[2Ɂ >Pj(5[jQHy%SiR ^ih"Sql4z*y43?ncEO^5RH<\h2=RI"~tpp2B>3V U EK*/d.<'N·u2?U[RYΊE/n2zL6?X6Mx*j 42T<{1%4跋♕Ǘvq[oG~m_1q͆r|4'=g^j8×G^&zӛm$6$fMnXqݘ̕ҷʗ k͍|M8dX[մ%_'>aT%r7.'SqL!7jyDR&}gs^xXwfj|< 1U\]BI;@!Re}  &WCxPw ܐ'F/6"d|o^# &W-UkkAhP ,EOdT2͝G7`NĎR2ȜB`BY(rư@ED9Xp :Ԃ30*.O^6 $\APΣO#JYvrD7u}zq*>=जj (0 ~MSws5l& %HNwS2Kx%B}}5?+ ΢ L8 J&.WĊCφ|?Y7EIxM!q[,Qk$ (W= r(Nˍj~N$a)sRXpMR|郤cSLGS;to m$`&"ikK~tzH6O.D&wA3vK:3=6Vm%#yBN!_HR|1~<1]Uq-9w4?i˗uo·ETKo9o@ՙza3 3U|EMΟyT@ՙv8Ƈ3,p |Ţm'*k0uPHjb F0.j(ah1k{@k$ uXn!="Zo"gohh\R5%{E+qs>\أH7ϦM1ِ<@ק|4=kdA8|Bknb6x{q2Jk 9=v@<8 y Q/}?-ƓF` l9@52|/|*9"$&Q3}B¦)IrbFYo}a/, Zu\EujxiE&ld)@D1" v vT<$#ckX6тSrfƊ NSc=_X K")XP'R8'땴11X}5F410 #ҕ##Z}7akK>S-5t>sD9 *2(c}/UJCH`Dc68ئ"ɠ(%_NEDQK9aES`+e8j)ev&n^N1|Ҕaf2olm"rw#M9?_` %h:H XThrXk`E)qd?U{cGa!s0`w!3nmw͑ G8EN[NfaXA~!g :IWNd6H~5ɰL wg ?aMaXDHR'Lgڒb75n4T${$Hr(S`Kձ|ң!6K9a X%'6S1) LXaQEIgqEc*2yZ)E9h Aaa/ID17edc53]kk?lGC:GvlV(yd`\ @6%AĻKezv\e<݇/;`$(OC:K:bؼLabsW [9 㽥Ww9iUǝ믒35pY|,̙h_\3 ce$궥3}f8Nx]2C_B=8ŪJmR]q6#6# JjloM3dX?=ٰO; V&IpKsW vA(8_-N Pj6|w9{+#q ~U\}SUNYvJf,RߜalwnxˢՈQOEGξ٫Slq *kEc @n%*ĨjE`NS?9W98ks!Yieez#&J2Ă=&"l0/Xa|޽UmE겁 佬M:ctqpDz6Q o7v+\d/Dl0g)7jvڪ&<ۆ w>=E{vQ43"]hpNXy~ JY=fUoDivѮuhg Gn{MA 00.ɮs8K-DI쵦YԶHWO*I٢hFC ,ap(syQwfYXhkOͭD-I+L:Y✄J-ާ!+gCsy>E (bʩõ)q {ֲֿƹFjJߓU`U F;~Fn-O*O߷Ijvb>!3%S⽜L ye#lUڶ1@*jZs*6c*]Oػzu9W՞+U/ Հa8FDthFxV}њD!26 y;`΄0F{׃JK\%09Yuc wl<Hd)hx4kc=9A` 2V,1넋#9Uus {3@Qaϙ̌LJ[eҐzE2}`=`@|PM({v~@l 0U:m77h+3zGHž`p/Z-h扱 x\cD/L7 1xa"ꈞ쒀l켠&sڸ2Jn_l'-.g׷Si_RvCYp,6gIള…OX;'(&vw3H۱[d RMJh24&a3vYd tᤁ]YƷ8J[:*e4ld|3%G 1AdƠ:=uG&= @1;ZCaz/]@ %28m n :Iʓ~0.<Էhs Dʎ6@|05):f r5:# G \)ϲktTwFk|B^/Pk<_\#!n,LsD'^Tˀ-Du !]B~{Sh'K/cԀ-RM*?Q%$:MqbO nԣ%FzWSRUW}?_j8k85?9zwE9N.܇翅/#p:B*4waJ͎G^џ%_B4m|B ^Πȏ߂M{y?lτ]K> @ tns-wXc{IXDq&Et|Ԥ IcFiq@InZ\I%!wE$-FFim hݽ8Th=KoE**ӻF&nAE/HVPg! eLpUVV͇OܤP&FL9Uk -30-/҆4-9)|Iz#*z@~-ގ~HI5rׁ9IdX;SS4h0)Ic/Bx+ S}t$zku`@l QVkZԑ<hģɊR֓xЖ紖o ERv)i@X@̕#jқ_J"a?Zۀ9 ~2=-eR1 [Ba;nnj$y88E˕o< 5KٛЬ:~#QkL$%D/-x\8IB;6aa)A9k-…VOQz #6 8+)|ڨ[W7i5JKykn\Fk-KX>4Dc`\pǣBn0œ6#UzCʤ)r6 R$ /i"uI9QʆM)ܙ!A ")@@t"o/ůP#rQ#ټO26M6AaH2Y0;7ҵmy !ts>2YEf[o"5KBv{KY{od2E .VY?a} hd-ByׂW8_74>\~KCh8FכöaaRYRkq-tk%dB% ` OGdTS#M `8&ۖxf_: 8ijڞbJJ&ЪeGԅ[d4,wgX}M}:rLK,.؄7=ۖ|P@.@eBGKF.+&`@)-s}-Ƴs&=*\gFi2>jR sѐZ:䓷D<&d[Ռ\3o/yCE ̓!53}-LBp e%f˺KGOBIªl+)'"$jlp\Ya 5R_IOY0S>U'\.f#o *0S{nT8kp)>KN\D)ՄFSAjP S)HLo۵G~vۖKVM-MòzT۵dnN{jMyuv凘PXa,؋R341 l>H% m:HjAPPPnSS8UF.0iI @c0૘b3!1둕3P)M6iv YK`(D-̊8Km7iHcᄇ*!ԦAH-'(6 3cڵE% !鈨G \ryLtV?ٝ/ts+5EZK/t4씈+1|)/y@XNH4;<̵o([O5,PK jO -mI-gyiǹѝIO'2v4%ILGMbSIux@Sc]g>ۀ.(siu\^l+9zc9DpGZF8RteUoYd &@5YhȺ\}*bG@izUN yP-BJ)y֕&3E ;d (1Q`F?^hM']LѤuȤk}47VG* \{Yy3D)H!}MmG * 9`F%ptUW1)(JDs]qdo; --۩$B&NKķIK$ZjFx]\bKo/tjl+ArχF_dΣr_I17[G'OhQCuRdo<d(Y k`D \T;;;퉳MM-X.5 +<7NiO~,Y(0ШgN  lعe+A&T|=qhTYhFD?jp ä꠱Fz iq448C:z(+%t12e-.£Ocw.Vqz$>[#/ŕAQ)VޚYK9z;j?1;Dp^eMH}~t SdXpE YUDH}7qSEe B c4F5̸A+ Mds"@&Sjl/ UKMT[;.g}Re{|Ґ[ sSt#o 7ʘޏ;"` )rrđT27 Q*' X5vs a-^5#';|o{~0ߧuX,fn,*Ͽ?2&Wb'}=r2GYX zϠ$lfb Z Dye#`.;1m@IP[(yv\A=ie-!(*KrccQ8gUy8j]̙&@ou|沿e\^R/`J˯w&DA+4=ưBZ?PĦ+׃CFFb6SLVA@Cעv$d)Vdw =g!5}_1*n1o>b~Pߐm=BsA#d2e[}wAՓ7+JB?`V'6.C= )I=ڪ&z$5dS 2[Mh0)ha}T= A;p3cbg]JWKgϦAms(ϭJ6$bGA4*:޶OcbZK zp+7?){ ^3@ǠǦxn`cKpyh\t64n<`v+XzOM_rв[{ہhaJC$4g2kt\ F.S1BNę]p9Ν\GKv8:b0Ca0|@STă2R߫4Ij=(׋m: 9|c.JFø-fy[=Ư8`0z=^#4`'WZ,G'A1 CK`|!$Q_7^f7!-9 IƦh V>A%;ҢM. h|O/CJ칤TʢШ99%(k(c[Ga,햙̢l+a{΂D=VMcq+4Iۯ<[L]c1dEխUSfC~F{qh+8W2}T)I$mf'4Z5P9O Ҹ>$+l#>c7-Uc/̈́Sͩ{27s6OV]Fn#/"Y2-*FU yIWmtwR2Оb 8FtOvPUᇣGкn5?Ȳ1lN TB\A sR\c E$/'3Gs0s@;%v@~C$SBY~"uPYBГگw4MBZfR[H4`{+G,.-@~ERcQF]Z) i= @ wmS+*Ony7GZ4N8#P>qiyGft$MC@Mnft͘F|5A}~ –rXi@wt< 1$7̃.zu׫µ%0/\U[ C_˟‹Zv:YG)yC{<B\E清$$ӚWR\>!"6 ]W9FM9[jQjxEK]p3Y_wi2"̑Ttɔg=L/ꨞR8I=@p˱V1vDغ>1Ն*.oLC)ZU*['W h},PEqoؒ: ?w' V4\Ȩ8aY]/h "3_W#>{ Xӊ(8uj Rb?8㿱Ḃ:o#q`?Q9ܶ2{|/0՗#/q !#2d#I tL߇AJ6M"&O+M|2 < V-C--⧟!uz5_=1LYm>JͶ10!z+dE[UǰdQ;Ro `4sVW}B(xaѪ3w Æ{uX5|oKyfhj J=YБ~Z0O&Ix9/I5n/}5lqYe7l`UEXi45Qp<ۚ{8AM/LB5,TNuF,0S i`N{ZM: aj` BVEEH`|}(Ƅr*>haU5 8G;k){1ax]Ζ!?:c!Ipɜb@2v7;VKml8U18,{:&Gq*(ОPV}]WR.ɛrɫ~OaqA{F8QB8@%cBv|e> ]B$03Qql'̜pD:,Zr1 78''HeI= S?-hY`8{\L،Kor=>BbC ͙ 2(` &Ѹ骮=B4=JaDos)Oݲ [E# P=w]? $RFj"Z[bKmSeM-{2AFL ;m!F6ɪW ?r\lǓX5|aGv&4m s_Qe-9j2d̐E_՟D,c`i~>p 8ŋ%B3wkpV1?]!1玐`w#M{o0{&,7X 2TܵAݬz'4;wkY$@_/kz.}hbmvV5 ח) zo cD8u쩲]![zbPp01P#G{&푹X T,*N:ƯJ ZԟX{4L6wFKGFbsY,n)uŞqW7}&H)2ś*dΰq'.Ը?h;wi._y*&7kd#-V@/hgϯ:4SPeNݿpIw_R ֨*GkY|̾MM-#y!x=lD'~t-ge]5;gS2tnxRFCyn&)Ey՜=Zkrb_'@R^SFWsXFD4Kչ<Þ:/$_,b$mpӆHq!ᦺk:բw. x))@N-S`ߓKy1<b,Y7Laֳ7 vћ/IIu^ONPQ\ }=Wj@|-MXp^z~Nh 6?Ǔ|ȗn58 Q-߁Du>6nnq/oY'V¤ 6z\b@{9Zi>̻k_ȝSsewն+$5IQçyMWef5I%{PC.4mi=z5X .MR(p+D*C} >M"Oc#t~a*l4Rxx{Nwvϡ\y9 7X} yKkM@0K1r;6ͷԪeO"I?"t}cX;8{0x}kE錻a&E8\ZN NK*@mXtdxKLSrYNd~x'4GmA92*y0*6:\/ز7v&ɨׯ?+lP6p^/7~$w2MOϨ"n:])"aYaPU/Du qbA0PX_r$KN.\FjۃFi)Dnc="e~zm~ғ,j6twRR\}2:M`/*ضɛu(k9U@%\*\(/ZX:_¬FesCA^B>n/,3QuQ'@`^x,ӎ^\ĄQڰ7;;37^jӜn=z!k;@f>;v +T@-aޟ|ft#}?SÉG6Ih|-xpp0xnEc>õuOž^\2*屄XIsPZLט'PMmG;NnD0AK;MCכSǡX:OG5P$ h5, hǟ} \L>XCN@ A\ : @#PQkzL4E;FL!p(r ioW5*D9~>igĉjڦEX[x73jpO`_w0 ?u,ypB}.,žFN. ˲-Ξ ̧7'vj ѷ\vKP{M?%"!R`6mz F%/Me䊍d9-ApCI|$'y:XkVGAfPRZ ;EBsh- ALڷK:=gD>@it bK[gءKzpjx%$3+dj!/RV6B̡+Vk 7+ŊËIa/IAdNdO3Ё%)~q=$Aw=ڟNN*L?f[g+s2n#5 *T>7_$޽] lW9]"հ&) WnKZtRa: Xs!>$Y= *kaBW  D,tw6}u-c=N\/6UO?yܚ@q{o)W]Y`A=ṉdoB}GxSnӅflXij\DGвvJA嵀z`)r6{>6mLdGDL_Ɓ쀶93 p);ӭ_N*xbNߗV&@3\mvMS5Q32z`)pP)^hFcҐX Ll(AAD 踮z_,u®iB"$~g<,$X>۳W4NX:k@'fUr@b1wuU Q{>1ɳlU%m]D%6FJگο <$ 48! }LHܽa"1XRH/=q.[EH?20XPºuDvȱVV<|R뵷'RACaF枪PY/Ncg ?ҿS-Sw].E.E&FEX}):rý2*$:0P:HCJI azըDǏ%v`9yC.{\ %ɉQZ,;Lɲ/VS(I~F0ia iՋz -~)#?8p*nQVқG.X2ZGlSWڳѡdm^u5؈!%W Y2ڼNmgUHmj5k[ӬƯD?B+X?}ޜHg\i"2nv$b]l 5kT)q\WsƘ =;^D3 x:?tP9-t>@zr_{v*4$:b <$= C9BZz&-F"ss!aWtʁ׷lUJ=KpeYh ט]^r">y7¹-=j碹%n)⧮ߵb-ܝiLY(~J:|+7MVBD,)\rq]#I~6ĝp&,-LBPVsJj@;+֡qI Kwu*AL'wWPti~*M 5ue$O*Čy^8)p8YCڙ# HO5nW4NHL L `K Cs/-lى|n6ܜAgN0~*xLUXb쯗ewxɄg]s1UQ 4  YZ